Password Cracking With Rainbow Tables
Spencer Dawson

Summary
• What are rainbow tables?
• A time and memory tradeoff in password cracking
• A piecewise approach to one-way hashes
• What are the advantages/disadvantages?
• Best uses
• Limitations
• How to use rainbow tables

What are rainbow tables?
• A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function
• Approach invented by Martin Hellman
• The concept behind rainbow tables is simple
• Make one-way hash functions two-way by making a list of outputs for all possible inputs up to a character limit

What are the limitations?
• Rainbow tables are large
• A rainbow table set for Windows NTHASH covering exactly 8 characters, including only 0-10, a-z, A-Z, and the symbols !*, is 134.6GB
• 9+ character rainbow tables can take up terabytes of space
• Generating rainbow tables requires more time than a brute force attack
• Always “worst case” time complexity
• Requires access to the password hash
• Salting passwords can make the approach infeasible

Hash Table Advantages
• Rainbow tables are built once and used many times
• Fast
• Password lookups become a table search problem
• The brute force work is pre-computed
• Perfect for cracking weak hashes
• Windows LM hashes of 14 characters or less can be cracked with trivial effort
• Any unsalted password hash can be cracked easily
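
The time-memory tradeoff and the salting limitation from the slides above, as an added example that is not part of the original deck. It goes beyond the slides' "list of outputs for all inputs" description by using reduction chains, and the 4-digit PIN keyspace, MD5 as the fast unsalted hash, the chain sizes and the salt string are all constructed assumptions.

```python
import hashlib

KEYSPACE = 10_000   # constructed toy keyspace: 4-digit PINs "0000".."9999"
CHAIN_LEN = 40      # hash/reduce steps per chain
N_CHAINS = 500      # only this many (end, start) pairs are kept in memory

def h(pw: str, salt: str = "") -> bytes:
    """Fast hash, unsalted by default (MD5 is a stand-in chosen for this demo)."""
    return hashlib.md5((salt + pw).encode()).digest()

def reduce_fn(digest: bytes, col: int) -> str:
    """Map a digest back into the keyspace; the column index varies the mapping."""
    return f"{(int.from_bytes(digest[:8], 'big') + col) % KEYSPACE:04d}"

def walk(pw: str, start_col: int = 0):
    """Yield every plaintext on a chain from start_col to the final column."""
    yield pw
    for col in range(start_col, CHAIN_LEN):
        pw = reduce_fn(h(pw), col)
        yield pw

def build_table() -> dict:
    """Precompute once: store only chain end -> chain start(s)."""
    table = {}
    for i in range(N_CHAINS):
        start = f"{i:04d}"
        *_, end = walk(start)
        table.setdefault(end, []).append(start)
    return table

def lookup(table: dict, target: bytes):
    """Guess the column that produced target, finish the chain, then replay it."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        *_, end = walk(reduce_fn(target, col), col + 1)
        for start in table.get(end, []):
            for pw in walk(start):
                if h(pw) == target:   # rejects false alarms from merged chains
                    return pw
    return None   # not covered by the table, or the hash was salted

if __name__ == "__main__":
    table = build_table()
    stored = sum(len(v) for v in table.values())
    print(f"stored {stored} chain pairs for a keyspace of {KEYSPACE}")
    print("unsalted hash ->", lookup(table, h("0042")))
    print("salted hash   ->", lookup(table, h("0042", salt="constructed-salt")))
```

Coverage of a chained table is probabilistic: a plaintext that no chain passes through is not found, which is why the demo looks up a chain start point.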

Examples
• Rainbow table cracking online
• http://lmcrack.com/